<html>
<head><meta charset="utf-8"><title>new bastion · t-infra · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/index.html">t-infra</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html">new bastion</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="207504661"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207504661" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207504661">(Aug 20 2020 at 09:34)</a>:</h4>
<p>I'll take the bastion server offline to migrate it to the new vpc</p>



<a name="207504669"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207504669" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207504669">(Aug 20 2020 at 09:34)</a>:</h4>
<p>cc <span class="user-mention" data-user-id="116122">@simulacrum</span> <span class="user-mention" data-user-id="232545">@Joshua Nelson</span></p>



<a name="207504675"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207504675" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207504675">(Aug 20 2020 at 09:34)</a>:</h4>
<p>and I guess also <span class="user-mention" data-user-id="116155">@Jake Goulding</span></p>



<a name="207506310"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207506310" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207506310">(Aug 20 2020 at 09:58)</a>:</h4>
<p><span class="user-mention" data-user-id="232545">@Joshua Nelson</span> <span class="user-mention" data-user-id="116155">@Jake Goulding</span> <span class="user-mention" data-user-id="117568">@Aidan Hobson Sayers</span> <span class="user-mention" data-user-id="116015">@Alex Crichton</span> <span class="user-mention" data-user-id="116122">@simulacrum</span> I re-created the bastion server inside the new VPC, so it's now possible to access private resources from it! The IP is the same, but the host key changed, so if you get warnings the next time you connect to our instances that's expected.</p>



<a name="207507043"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207507043" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207507043">(Aug 20 2020 at 10:09)</a>:</h4>
<p><span class="user-mention" data-user-id="121055">@Pietro Albini</span> hm does that mean we can migrate the database to not have public IP then?</p>



<a name="207507052"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207507052" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207507052">(Aug 20 2020 at 10:09)</a>:</h4>
<p><span class="user-mention" data-user-id="116122">@simulacrum</span> yep, that's what prompted me to do this :)</p>



<a name="207507100"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207507100" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> simulacrum <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207507100">(Aug 20 2020 at 10:10)</a>:</h4>
<p>Great!</p>



<a name="207507307"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207507307" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207507307">(Aug 20 2020 at 10:13)</a>:</h4>
<p>oh, also, I briefly looked in the home dirs on the old servers and all were empty</p>



<a name="207507334"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207507334" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207507334">(Aug 20 2020 at 10:13)</a>:</h4>
<p>just in case that was not true I kept the old server around (it's stopped right now)</p>



<a name="207507348"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207507348" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207507348">(Aug 20 2020 at 10:13)</a>:</h4>
<p>if you need some file ping someone with aws access to boot it up and give you the ip</p>



<a name="207507362"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207507362" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207507362">(Aug 20 2020 at 10:14)</a>:</h4>
<p>otherwise I'll delete it like next week</p>



<a name="207511397"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207511397" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207511397">(Aug 20 2020 at 11:15)</a>:</h4>
<p>pushed the terraform configuration and updated the docs on the forge btw</p>



<a name="207626883"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207626883" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Javier Viola <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207626883">(Aug 21 2020 at 12:14)</a>:</h4>
<p>HI <span class="user-mention" data-user-id="121055">@Pietro Albini</span> , I wonder if we can use  aws session manager instead of a bastion to  connect to the vpc instances. <br>
<a href="https://aws.amazon.com/blogs/infrastructure-and-automation/toward-a-bastion-less-world/">https://aws.amazon.com/blogs/infrastructure-and-automation/toward-a-bastion-less-world/</a><br>
This have the benefits of reduce the surface area and you can manage the permission through IAM.</p>



<a name="207628686"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207628686" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207628686">(Aug 21 2020 at 12:35)</a>:</h4>
<p><span class="user-mention" data-user-id="298771">@Javier Viola</span> hmm</p>



<a name="207628870"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207628870" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207628870">(Aug 21 2020 at 12:37)</a>:</h4>
<p>since I last looked at it, it seems to have gained support for non-aws instances</p>



<a name="207628877"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207628877" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207628877">(Aug 21 2020 at 12:37)</a>:</h4>
<p>(which we have a lot of)</p>



<a name="207628896"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207628896" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207628896">(Aug 21 2020 at 12:37)</a>:</h4>
<p>but it doesn't seem capable yet of granting access to rds without making a mess</p>



<a name="207628972"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207628972" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207628972">(Aug 21 2020 at 12:38)</a>:</h4>
<p>(right now we can just use <code>ssh -NL 5432:RDS_HOSTNAME:5432 bastion.infra.rust-lang.org</code> to forward access locally it)</p>



<a name="207630665"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207630665" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Javier Viola <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207630665">(Aug 21 2020 at 12:58)</a>:</h4>
<p>Hi <span class="user-mention" data-user-id="121055">@Pietro Albini</span> , thanks for the reply.  Yes, require a little more of works. I currently use a script based on <a href="https://github.com/rewindio/aws-connect/blob/main/aws-connect">https://github.com/rewindio/aws-connect/blob/main/aws-connect</a> to create ssh tunnels to different vpc stacks.</p>



<a name="207630714"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207630714" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207630714">(Aug 21 2020 at 12:59)</a>:</h4>
<p>that's... a lot of bash :)</p>



<a name="207631008"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207631008" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> mati865 <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207631008">(Aug 21 2020 at 13:01)</a>:</h4>
<p>it could have been worse, like written in powershell ;)</p>



<a name="207640280"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/new%20bastion/near/207640280" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Javier Viola <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/new.20bastion.html#207640280">(Aug 21 2020 at 14:27)</a>:</h4>
<p>yes, and the wrapper have more bash :)</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>